System Settings

Table of Contents

• System Settings

  • Users

    • Users List

    • Creating a user

    • Editing a user

    • Deleting a user

    • Resetting a user’s password

    • Resetting the admin password

  • Roles and Permissions

    • Introduction to Roles and Permissions

      • General information

      • Roles

      • Permissions

    • Configuring Roles

      • Adding a new role

      • Editing an existing role

      • Deleting an existing role

    • Default permissions matrix

  • Cases

    • Cases List

    • Adding a case

      • Mapping AD groups to roles

    • Editing a case

    • Archiving a case

    • Restoring an archived case

    • Deleting a case

  • Networking

    • Schedule bandwith throttling

      • Setting a daily schedule

      • Setting a custom schedule

    • Network interface

    • Mailer settings

    • Proxy settings

    • Zabbix monitoring

    • SSL Settings

      • Use a self-signed certificate

      • Submitting a CSR

      • Upload own certificate and keyfiles

  • Security

    • Enabling Active Directory integration

    • Enabling Single Sign-on

  • Software & Support

    • Activation Key

    • Software version

    • Updates

    • Remote Connection

  • General Settings

  • Backup Settings

  • Look and Feel

Users

Overview of the User administration page. Here it’s possible to create, edit, and delete users. You can also reset their password from this page.

Note

When Active Directory integration is enabled, the users and managers are administrated through the Active Directory.

Users List

The listview provides administrators with some useful information and features. In the table the following columns are present:

• Username

  Username of the user.

• User E-mail

  E-mail address of the user.

• Cases

  List of cases that the user has access to, separated by the pipe (“|”) symbol.

• Created At

  Creation timestamp of the user.

• Actions

  • Yellow key button: Reset a user’s password.

  • Blue paper button: Edit a user.

  • Red trashbin button: Delete a user.

Creating a user

Creating a user is done by clicking the green “Add New” button. A popup will open:

Simply fill in the following details, and click “Add User” when done.

• Username

  Username for the new user. The username must be unique.

  This username is used to sign in into INDICA.

• Full Name

  Full name of the user. If given, this name will be displayed instead of the username.

• E-mail

  E-mail address of the user.

• Password (2x)

  Choose a password for the user.

  Use a strong password to prevent unauthorised access.

• Case(s)

  Choose the case(s) that the user should have access to.

• Role configuration (only available when AD integration is not activated)

  Choose role(s) for the new user.

  Available roles are dependant on the setup of Roles and Permissions.

  In the top drop-down, cases can be selected. Once a case is selected, roles can be selected in the bottom dropdown for each case.

Note

Creating users is not needed when AD integration is enabled and configured. INDICA will import the user’s information from the AD upon signing in.

Editing a user

Editing a user is done by clicking the blue paper button in the “Actions” column of the “Users List”. A popup will open:

Here you can edit the settings of the user. When done, click “Edit user” to save the changes.

Deleting a user

Deleting a user is done by clicking the red trashbin button in the “Actions” column of the “Users List”.

A confirmation popup will open. Click “Delete” to permanently delete the user. This action cannot be undone.

Note

Deleting a user that signed in using AD integration does not prohibit that user from signing in again. The user needs to be removed from the AD groups on the AD side.

Resetting a user’s password

Resetting a user’s password only works when there is no AD integration active.

Resetting a user’s password is done by clicking the yellow key button in the “Actions” column of the “Users List”. A popup will open:

Simply pick a new password, confirm it, and click “Reset Password”. The user can now authenticate using the new password.

Note

The user will not be notified by INDICA that their password has changed.

Resetting the admin password

When the password of the only Admin account has been lost, there is a way to reset the password.

To do this, SSH access and root-level permissions on the appliance are needed. When logged in into the appliance, navigate to the following directory:

cd /net/www

Then, run the following command:

php artisan user:resetpw

The command will ask for the username and then for a new password.

Note

When typing the new password, nothing will be displayed.

You should now be able to authenticate in the front-end with the new password.

Roles and Permissions

When working with sensitive data, protecting that data and making sure users will only see that they need to see is very important. To accommodate this, INDICA features a Roles and Permissions system. With this system, it is possible to define custom roles and assign permissions to those roles. This gives complete control over what a user can and cannot do, while still keeping it maintainable and scalable.

Introduction to Roles and Permissions

General information

Roles and Permissions are a part of the Admin portal. This means that only administrators (or anyone with the corresponding role, if assigned by an administrator) can change the setup of roles and permissions. Users with the Admin role are unlimited in their actions. However, every action an administrator takes is logged for audit purposes. Logged actions cannot be changed by any administrator.

Changing the setup of roles and permissions can (by default) only be done by Administrators. However, changing the roles and permissions is a permission in itself, meaning it can be assigned to other roles if desired.

Roles

A role can be assigned to a user or a group of users. These roles have permissions assigned to them. A user can have multiple roles, and roles can have multiple permissions.

Roles can be mapped to AD groups, more information about mapping can be found in the section Mapping AD groups to roles.

The following roles are configured by default:

• Admin

  Typically assigned to administrators.

  Administrators can see and do anything on the system.

  They have unlimited access to all cases and all settings.

  Administrators are responsible for setting up and maintaining the INDICA Appliance.

• Manage

  This role is intended for Case Managers.

  Case managers can see and change settings to the cases they are assigned on.

  They are responsible for case settings like workflows, tags, data sources, etc.

• Advanced User

  The “Advanced User” role is for trained and experienced users.

  This role gives more information and features on the Search page.

• Basic User

  The “Basic User” role is for new users with limited rights.

  This role gives access to a limited Search page with only basic functionality.

• System Api

  Internal system user. Is only used for INDICA’s inner workings.

  Changing or assigning this role is not needed.

Note

Roles are system-wide. This means that when a role is edited, the permissions of that role will apply to all cases that use this role. If this behavior is not desired, it is possible to create roles for a specific Case and use those roles for that Case. This allows administrators to have Case-specific roles (and permissions).

Permissions

A permission is something a user can see or do in the system. This can be assigning a tag, viewing document content, changing settings, etc. These permissions are attached to a role, and roles are attached to users (or AD groups, see Mapping AD groups to roles).

New permissions cannot be created by the administrator or any other user. This is because permissions are defined in the sourcecode of the INDICA Appliance. New permissions will be included in future releases of INDICA. If you’re an existing customer, they can also be requested. Contact INDICA for more details.

For a full list of all permissions, their description and which roles have which permission, please refer to the Default permissions matrix.

Note

Permissions cannot be deleted. They can be edited, but only the display name and the description can be changed.

Configuring Roles

Adding a new role

A new role can be created by clicking the “+ New Role” button on the “Roles” setup page. The following screen will open:

In this form, the following information is required:

• Name/Code

  Cannot be filled in by the user, will be generated based on the Display Name.

• Display Name

  Name of the role, for example “Basic User with advanced querying and filtering”.

• Description

  Description of this role, so they can be distinguished.

• Permissions

  Check the boxes for the required permissions.

Note

In this example, the new role is an extention of an already existing role. This means that if this new role is assigned to a user alongside the already existing role, the permissions of both roles will be combined. This makes it unnecessary to select all permissions while setting up this new role. The best course of action will be to select the extra permissions and assign both roles to the user(s). However, it is also possible to add the permissions of the “Basic User” role to this role as well, and only assign this role to the user(s).

Once all information is entered, it will look like the following image:

Once done, click “Save” to save your new role. It should now be displayed in the overview. This role can now be assigned to user(s).

Editing an existing role

To edit an existing role, click the “Edit” option. The following page will be displayed:

Simply make the edits needed, and click “Save” to save the changes.

Note

The system will immediately recognise the changes and assign the changed permissions to the users that have this role assigned. In some situations it may be necessary to sign out and sign back in for the changes to take effect.

Deleting an existing role

To delete an existing role, click the “Delete” option. A confirmation prompt will open, asking you if you’re sure you want to delete this record. Click “OK” to delete this role.

Note

Deleting a role that is assigned to user(s) may have implications on the permissions of the user(s). It is advised to deattach the role before deleting it.

Default permissions matrix

This table shows the Authorisation Matrix of the default roles and permissions.

Permission Matrix

Permission name	Description	Role(s)
users-create	Grants permission to create new local users	Admin
users-read	Grants permission to read users in Admin portal	Admin
users-update	Grants permission to update users in Admin portal	Admin
users-delete	Grants permission to delete local users in Admin portal	Admin
workflows-create	Grants permission to create new workflows in Manage portal	Admin Manage
workflows-read	Grants permission to read existing workflows in Manage portal	Admin Manage Advanced User
workflows-update	Grants permission to update existing workflows in Manage portal	Admin Manage
workflows-delete	Grants permission to delete workflows in Manage portal	Admin Manage
gdpr-dashboard-use	Grants permission to use the Privacy Dashboarding	Admin Manage Advanced User
document-download-use	Grants permission to download original documents	Admin Manage Advanced User
mass-tagging-use	Grants permission to use tagging in batches by query and page	Admin Manage Advanced User
query-to-csv-use	Grants permission to export query results to CSV file	Admin Manage Advanced User
advanced-query-use	Grants permission to use the Advanced Query Builder	Admin Manage Advanced User
advanced-filtering-use	Grants permission to use Advanced Filtering	Admin Manage Advanced User
view-content-use	Grants permission to view document content	Admin Manage Advanced User Basic User
comments-use	Grants permission to create read update and delete comments on documents	Admin Manage Advanced User Basic User
all-duplicate-paths-read	Grants permission to view all paths of a document with duplicates	Admin Manage
tagging-use	Grants permission to use the tagging functionality	Admin Manage Advanced User Basic User
tagging-create	Grants permission to create new tags in Manage portal	Admin Manage
tagging-read	Grants permission to view existing tags in Manage portal	Admin Manage
tagging-update	Grants permission to update existing tags in Manage portal	Admin Manage
tagging-delete	Grants permission to delete tags in Manage portal	Admin Manage
modify-permissions-use	Grants permission to modify Roles & Permissions	Admin
blackline-create	Grants permission to redact documents	Admin Manage Advanced User
blackline-read	Grants permission to view redacted documents	Admin Manage Advanced User
blackline-update	Grants permission to update already redacted documents	Admin Manage
blackline-delete	Grants permission to remove redacted documents	Admin Manage

Cases

Overview of the Case administration page. Here it’s possible to create, edit, archive and restore cases.

Cases List

The listview offers some settings and features. The checkboxes can be used to toggle functionality or settings on a case. The columns in the table are:

• On

  Whether the case is enabled or not. This setting can be toggled on the “Edit Case” page.

• Backup

  Whether the case will be backed up when backup settings are configured.

• Spider?

  Enable or disable the spider for this case.

  Caution

  Do not disable the spider during indexing.

• Arch.

  Whether the case is archived or not.

• Class.

  Enable or disable the Classification Module.

• GDPR

  Enable or disable the GDPR module.

• Users

  Name of the Active Directory group to grant “User”-level access to this case.

• Managers

  Name of the Active Directory group to grant “Manager”-level access to this case.

• Actions

  • Yellow boxes button: Click this button to archive the case.

  • Blue paper button: Edit this case.

  • Red trashbin button: Delete this case.

    Note

    All but one case can be deleted. The system needs at least one running case.

Adding a case

From this page, it’s possible to create a new case on the appliance. Simply click the “Add Case” button. You will be redirected to the following page:

Here you can fill in the following details:

• Name

  Name of the case.

• Description

  Description of the case.

• Enabled

  Whether the case is enabled or not. If unchecked, the case will not show up for users and managers.

• AD Group for managers (Only available when AD integration is active and configured)

  The Active Directory group that is used to grant users access to this case with “Manager”-level.

• AD Group for users (Only available when AD integration is active and configured)

  The Active Directory group that is used to grant users access to this case with “User”-level.

• Extra role mappings (Only available when AD integration is active and configured)

  This option allows you to map extra roles to AD groups. See Mapping AD groups to roles.

Tip

If AD integration is not enabled, it is still possible to set up Roles and Permissions for users.

When all details are filled in, click the “Create” button. A new case will be created. This may take several seconds, depending on the size of the system and the amount of indexed data.

Mapping AD groups to roles

If more roles need to be connected to AD groups, it is possible to map them. To do this, navigate to the Case settings page and edit the case in question.

It can also be setup during the creation of a new case.

You will see the following:

Two possible mappings may be presented already:

• Select AD Group for Managers

  Use this option to select an AD group that will give its users the Manager role in INDICA

• Select AD Group for Users

  Use this option to select an AD group that will give its users the User role in INDICA

In addition, the button “Add Role mapping” may be pressed to present a blank line:

In this line, select the desired role on the left side and the corresponding AD group on the right side. This step can be repeated for every role that needs an AD mapping.

Mappings can also be removed by clicking the red trashbin icon on the right side of the row.

In some situations, a message stating “Modifying AD mappings will logout all users belonging to the group” may be displayed. This means that users will get a forced logout in order for the new settings to take effect.

When done, click “Save” to store the settings.

Editing a case

To edit a case, navigate to the “Cases List” and click the blue paper icon in the “Actions” Column. The following page will open:

From here, it’s possible to edit the case. See “Adding a case” for details about the fields. Click “Save Changes” when the desired changes have been made.

This page also shows the users that have access to this case and the created collections in this case.

Archiving a case

To archive a case, navigate to the “Cases List” and click the yellow boxes icon in the “Actions” column. INDICA will now automatically archive this case. The case will be disabled and cannot be accessed anymore.

When the archiving is done, the case will be displayed in the “Cases Archive list”.

Note

This list displayes the archived cases by their Case ID as this is unique for every case.

From this list, the archived case can be downloaded in a .tar.gz format. The downloaded file will contain everything that is needed to later restore the case.

If the archived case is no longer needed, it can be deleted by clicking the red trashbin icon.

Caution

This action is irreversible and the data is lost permanently.

Restoring an archived case

INDICA offers the possibility to restore a previously archived case. To do this, navigate to the “Cases List” page. Here a section is shown where you can upload INDICA .tar.gz files.

Click the “Choose File” button to select the .tar.gz archive. After choosing the correct file, the upload will start. When the upload is done, click the “Submit” button to restore the case from the archive. The case will now be restored and displayed in the “Cases List”.

Deleting a case

Deleting a case is done from the “Cases List” page. In the “Actions” column, a red trashbin icon is displayed. When that icon is clicked, a confirmation box will pop up. This is to prohibit accidental deletion.

Caution

Deletion of a case is permanent and irreversible. This action cannot be undone.

There must always be one case in the system. The last case cannot be deleted.

Networking

Overview of the Networking page.

On this page, several settings regarding networking can be configured:

• Schedule bandwith throttling

  Schedule how much bandwith the INDICA appliance may use at certain times/days.

• Network interface

  Basic settings for configuring the network interface

• Mailer settings

  Connect INDICA to a mail server so it can send out notifications

• Proxy settings

  Configure a proxy server

• Zabbix monitoring

  Configure zabbix monitoring

• SSL Settings

  Configure a Secure Socket Layer certificate for the web front-end.

Schedule bandwith throttling

While indexing, the INDICA appliance can take up quite a bit of network bandwith. To make sure that the infrastructure will not be overloaded, you can schedule the maximum allowed bandwith to be used by the INDICA appliance.

There are two options for scheduling:

• Daily Schedule

  This schedule will apply every day. It allows you to set a throttle start time and stop time, and the maximum Mbps it may use.

• Custom Schedule

  This schedule allows you to select the days. It allows you to set a throttle start time and stop time, and the maximum Mbps it may use.

Setting a daily schedule

First, click the “Change schedule” button. You will be presented with the following options:

Then, pick a time for the throttle to start and to stop. Lastly, enter a value for the maximum Mbps the appliance may use.

Click “Save changes” to apply the schedule. The schedule should now be active.

Setting a custom schedule

First, click the “Change schedule” button. You will be presented with the following options:

Now click the days you want the schedule to be active. Then, pick a time for the throttle to start and to stop. Lastly, enter a value for the maximum Mbps the appliance may use.

Click “Save changes” to apply the schedule. The schedule should now be active.

Network interface

In most cases, the network will be configured by DHCP. In case that is not true in your setup, this panel allows you to set the correct network settings.

Here you can configure the following settings:

• IP address

• Subnetmask

• Gateway

• DNS Nameserver

Note

When the checkbox “Set by DHCP?” is checked, these settings cannot be changed.

Mailer settings

Here you can configure INDICA to connect to a mail server so it can send out emails.

It needs the following information:

• Mail address

• SMTP server

• SMTP port

• Mail user

• Mail password

After entering the correct information, click “Save Changes” to apply the changes.

Proxy settings

This panel contains the Proxy settings.

Note

To use credentials, enter the settings in the following format:

http(s)://[user]:[password]@[proxyserver]:[port]

Zabbix monitoring

Here you can enter the settings for Zabbix monitoring.

It needs:

• Zabbix Server (IP address)

• Zabbix Hostname (usually ‘indica’)

SSL Settings

SSL Settings allows you to use SSL to secure the client-server traffic of the web-based frontend.

Note

Make sure all configuration is added correctly before enabling SSL. If SSL is enabled before all information is given, it may make the front-end inaccessable.

SSL can be set up in three ways:

• Use a self-signed certificate

• Submit a CSR (Certificate Signing Request)

• Upload own certificate and keyfiles

Use a self-signed certificate

When clicking the button “New Self-Signed Certificate”, you will be prompted to fill in some information:

After filling in the fields, click “Submit”. The certificate is now active.

Important

Modern browsers may still notify to the user that the connection may not be secure when a self-signed certificate is used.

Submitting a CSR

When clicking the button “New CSR”, you will be prompted to fill in some information:

After filling in the fields, click “Submit”.

Upload own certificate and keyfiles

INDICA also provides the option to use your organisation’s own certificate and keyfiles. They can be uploaded after clicking the “Upload files” button. It wil then prompt the following files:

Upload the corresponding files, and then click “Submit” to activate.

Security

Security Settings allows different ways to authenticate users. It is possible to setup an integration with an Active Directory (AD) and OpenLDAP, as well as Single Sign On (SSO). There is also a setting to disable reading the ACL from shares. This means that every user in INDICA can see all documents, regardless of Whether or not they are allowed to see the document on the original data source.

Enabling Active Directory integration

Active Directory integration allows for user and group management in the existing AD/LDAP environment. To make use of it, an account which can be used to ‘bind’ to the AD/LDAP is needed. Then, fill in the following information:

• Check the ‘Use AD integration’ box

• Enter the hostname or IP. Usually, IP works better due to resolving the name.

• Enter the correct port

• Enter the Workgroup Name (NETBIOS)

• Enter the Domain Name (realm)

• Enter the Bind Username (with NETBIOS/realm notation)

• Enter the password of the Bind User

• (optional; if needed) Check the box ‘Authenticate against AD Forest’

Then, click on ‘Test Connection’. If everything is setup and entered correctly, INDICA should report back the first 10 AD groups it can find. If this is the case, click ‘Save Changes’ to store and apply the settings.

Now, the existing AD structure can be used to map existing AD groups to INDICA cases and roles.

This is done by setting up two (or more, depending on the Roles and Permissions setup) groups per INDICA case:

• A User-level access group.

• A Manager-level access group.

These two groups can then be linked to the corresponding INDICA case in the Case Settings. When all groups are set up, users can be added to or removed from the group at will. Edits to the groups in the AD/LDAP environment will be reflected in INDICA immediately.

Tip

More groups can be created and mapped to specific roles. See Mapping AD groups to roles for more information.

Enabling Single Sign-on

Single Sign-on(SSO) allows users to access the INDICA interface without having to bother with a username and password. INDICA will automatically sign in users if they are already authenticated.

SSO needs the following information:

• Domain Controller

• Domain Controller 2 (optional)

• Workgroup Name (NETBIOS)

• Domain Name (realm)

• Second UPN Realm (only enter if specifically needed)

• Appliance Name

• Join Account (only used once)

• Join Password (only used once)

When using SSO, some actions may be required on different parts of the infrastructure (outside the INDICA appliance). Use the following list to make sure everything is set-up properly:

• NTP service available on DC1.

• Appliance name needs to be added to DNS.

• Join account has sufficient rights.

When everything is set-up properly, users should be able to access the INDICA interface without having to authenticate themselves.

Software & Support

The Software & Support section helps managing the current license, software versions, and support connection.

Activation Key

Here you can view and edit the software key that is used to activate your INDICA appliance.

Note

Please keep in mind that the keys are not interchangable between appliances, as they are tied to the hardware as well. In case a new appliance needs to be activated, contact INDICA support to assist you.

Software version

This panel allows you to check the current software version.

It shows you the current version number, as well as the version numbers of all the packages as well. It is possible to update packages by hand, and if needed, roll back to previous versions. This can only be done if there was a previous version installed on the appliance.

With the ‘Select package’ option, a package can be uploaded to the appliance. INDICA will automatically recognise the type of package uploaded, and it’s version and add the package to the overview if it has a newer version than currently active.

Clicking the switch in the ‘Previous’ column rolls back the version of active package.

Updates

This panel allows you to toggle automatic updates on or off. You can also specify Whether offline packages should be used or not.

Remote Connection

This option allows appliance administrators to toggle remote connections. The remote connections are used by INDICA engineers to remotely troubleshoot and support your appliance. It is advised to leave this setting turned on.

Here you can also copy the public SSH key of the appliance, and force a remote connection to the INDICA server.

General Settings

This section of the settings allow you to configure a few things:

• Use internal user DB

  When not connected to an external authentication service, it is possible to use the internal authentication database.

• Solr Index Node

  Location of the Solr index node. Only to be edited when running in a cluster Be careful, as changing this setting may lead to an unstable/broken cluster

• Solr Query Node

  Location of the Solr query node. Only to be edited when running in a cluster Be careful, as changing this setting may lead to an unstable/broken cluster

• Tika Location Full URI

  If Apache Tika is hosted externally, then edit this value to point the indexer to the correct location

• Enable logging API

  Enable logging API so logging can be used with external programs/services

  Warning

  This might be a security issue! Case information will be accessible externally

Backup Settings

This page allows you to setup the backup location. It needs the following information:

• UNC path of the backup location

  Location where INDICA can read and write it’s backups to

• Backup username

  Username for INDICA to authenticate on the backup location

• Backup password

  Password of the corresponding user that INDICA can use to authenticate on the backup location

Look and Feel

INDICA allows you to apply your custom Look and Feel to the appliance. This can be done on two levels:

• Appliance level

  This is configured in the admin interface and applies to the admin section

• Case level

  This is configured in the case management interface and applies to that case only This allowes for customised look and feel in different cases

The settings allow you to change the following:

• Application front-end language

  Supported languages: Dutch, English, French, German

• Logo

  PNG format, 250x50 pixels, max 20kb

• Fonts, interface and text colors

  Allows changing the colors and fonts of the main interface

• GDPR fonts and colors

  Allows changing the colors and fonts of the GDPR interface

When hovering the mouse over the color pickers, a preview is shown:

All values can be changed individually, and reset to default if needed.